Breach appeared to have occurred in 2011 and user passwords were allegedly not encrypted.

2016 appears to be the year of the "mega breaches" and the hits keep on coming, with the Russian instant messaging service QIP.ru becoming the latest victim of hackers.

Cybersecurity startup Heroic, which offers hacker and cyberattack protection to users, told IBTimes UK that the firm had "obtained and validated a data breach of over 33 million accounts associated with the Russian instant messaging platform".

The database, which according to the firm contains 33,394,101 accounts, has been verified with successful password reset attempts.

"The database was provided to us by a renowned hacker daykalif@xmpp.jp," the firm said. "The database contains user email addresses, usernames, passwords and other related fields dating from 2009-2011. The passwords within the database were stored in plaintext with no encryption or hashing."

Reports speculate that since the passwords were stored in plaintext – not encoded, meaning they can be easily read – it is highly likely that the hackers had complete access to users' accounts, without having to use password-cracking tools.

QIP.ru is the third Russian service to be hit by hackers. More than a 100 million usernames and passwords were recently leaked online from Russian internet giant Rambler, which is widely considered to be Russia's Yahoo. The data, like QIP's, also came from a previous breach that occurred in 2012.

In June, more than 100 million accounts associated with Russia's popular social media platform VK were found up for sale on the dark web.

As with QIP, user passwords stored by Rambler and VK were also found to be in plaintext, likely making accessing user information much simpler for cybercriminals.

However, Russian platforms are not the only ones to fall victim to such breaches. Other recent examples of high-profile data breaches include ones sustained by tech giants including LinkedIn, MySpace and Dropbox.

Dark web marketplaces are becoming increasingly flooded with user accounts from old breaches. Recently a dark web marketplace called xDedic was found selling access to scores of hacked servers belonging to governments, businesses and even universities.